From 10eac3cc2caf6e3c94973bca4edc8033a690ae85 Mon Sep 17 00:00:00 2001 From: Sasha Finkelstein Date: Mon, 2 Sep 2024 00:46:43 +0200 Subject: [PATCH] Pass through most environment variables. Change the approach to environment variables to delete ones that are likely to cause problems instead of only passing through a pre-approved list. This will be neccessary to correctly work as a binfmt handler Fixes: #52 Signed-off-by: Sasha Finkelstein --- crates/krun/src/bin/krun.rs | 4 ++-- crates/krun/src/env.rs | 37 ++++++++++++++++++++++++++++++++++++- crates/krun/src/launch.rs | 6 +++--- 3 files changed, 41 insertions(+), 6 deletions(-) diff --git a/crates/krun/src/bin/krun.rs b/crates/krun/src/bin/krun.rs index 7462745..5330c13 100644 --- a/crates/krun/src/bin/krun.rs +++ b/crates/krun/src/bin/krun.rs @@ -1,7 +1,7 @@ use anyhow::{anyhow, Context, Result}; use krun::cli_options::{options, Options}; use krun::cpu::{get_fallback_cores, get_performance_cores}; -use krun::env::{find_krun_exec, prepare_env_vars}; +use krun::env::{find_krun_exec, prepare_vm_env_vars}; use krun::launch::{launch_or_lock, LaunchResult, DYNAMIC_PORT_RANGE}; use krun::net::{connect_to_passt, start_passt}; use krun::types::MiB; @@ -326,7 +326,7 @@ fn launch_vm(options: Options, net_ready_file: File) -> Result<()> { }; let mut env = - prepare_env_vars(Vec::new()).context("Failed to prepare environment variables")?; + prepare_vm_env_vars(Vec::new()).context("Failed to prepare environment variables")?; env.insert( "KRUN_SERVER_PORT".to_owned(), options.server_port.to_string(), diff --git a/crates/krun/src/env.rs b/crates/krun/src/env.rs index 138003a..7219535 100644 --- a/crates/krun/src/env.rs +++ b/crates/krun/src/env.rs @@ -22,7 +22,7 @@ const WELL_KNOWN_ENV_VARS: [&str; 5] = [ /// See https://github.com/AsahiLinux/docs/wiki/Devices const ASAHI_SOC_COMPAT_IDS: [&str; 1] = ["apple,arm-platform"]; -pub fn prepare_env_vars(env: Vec<(String, Option)>) -> Result> { +pub fn prepare_vm_env_vars(env: Vec<(String, Option)>) -> Result> { let mut env_map = HashMap::new(); for key in WELL_KNOWN_ENV_VARS { @@ -83,6 +83,41 @@ pub fn prepare_env_vars(env: Vec<(String, Option)>) -> Result)>) -> HashMap { + let mut vars = HashMap::new(); + for (k, v) in env::vars() { + vars.insert(k, v); + } + for (k, v) in env { + if let Some(v) = v { + vars.insert(k, v); + } + } + for k in DROP_ENV_VARS { + vars.remove(k); + } + vars +} + pub fn find_krun_exec

(program: P) -> Result where P: AsRef, diff --git a/crates/krun/src/launch.rs b/crates/krun/src/launch.rs index c2e8b28..0876aa5 100644 --- a/crates/krun/src/launch.rs +++ b/crates/krun/src/launch.rs @@ -20,7 +20,7 @@ use std::time::Duration; use utils::env::find_in_path; use utils::launch::Launch; -use crate::env::prepare_env_vars; +use crate::env::prepare_proc_env_vars; pub const DYNAMIC_PORT_RANGE: Range = 50000..50200; @@ -142,7 +142,7 @@ pub fn launch_or_lock( let cwd = env::current_dir()?; if let Some(port) = running_server_port { let port: u32 = port.parse()?; - let env = prepare_env_vars(env)?; + let env = prepare_proc_env_vars(env); if let Err(err) = wrapped_launch(port, command, command_args, env, cwd) { return Err(anyhow!("could not request launch to server: {err}")); } @@ -188,7 +188,7 @@ pub fn launch_or_lock( } }; flock(net_ready, FlockOperation::LockShared)?; - let env = prepare_env_vars(env)?; + let env = prepare_proc_env_vars(env); let mut tries = 0; loop { match wrapped_launch(